This can happen when you install more then one package per website depending on the packagees, file and folder names etc. I will see if we add a option that the admin can disable the ability to install more then one package per site.

I tried to use the installer to install wordpress 3.5 to the root of a website.

Unfortunately I got "installation_error". When I check in the error.log file I see that wp-load.php tries to access to /var/www/<website>/wp-config.php file instead of /var/www/<website>/web/wp-config.php

Is it an aps installer error or something missconfig on my side ? Where can I check APS installer logs ?

did a restart of apache, and still same problems, just really dont get how 3.0.4 would work and now 3.0.5 doing this?

Click to expand...

Thousands of lines of code have been changed or added and the new setup is stricter and more secure, so this can lead to problems. We did not had such a problem in our tests, I will add your problem to our bugtracker so we can test it on centos 6.3 again.

What you can do as a workaround is to edit the /etc/httpd/sites-enabled/000-ispconfig.vhost file and remove the # in fron of the line:

This version seems to complete everything he failed to ISPConfig
This is perfect!
However I have some suggestions:Major security problems :
-Check if the mail you want use is not already used by another
-Secure domain-management, because right now we can use any domain name that is well configured or not and the most important is that you can use the domain name of the other clients, even that is the domain of the host causing a problem with the security (easy Fishing for every one !)
-So there is a very big problem: If a client makes a false certificate SS ... all the server (apache) crash! and without exception! Without exception!
It was all i think..

-Check if the mail you want use is not already used by another
-Secure domain-management, because right now we can use any domain name that is well configured or not and the most important is that you can use the domain name of the other clients, even that is the domain of the host causing a problem with the security (easy Fishing for every one !)

Click to expand...

This is a configuration issue in your install and not a security issue as ispconfig has functions to protect you against this. The function is named domain limit. Go to System > Interface > Main config and enable the checkbox "Use the domain limits in client module to add new domains" to enable the domain limit function.

The domain limit function is visible then in the left menu of the client module.

-So there is a very big problem: If a client makes a false certificate SS ... all the server (apache) crash! and without exception! Without exception!

Click to expand...

This problem existed in 3.0.4.6 as apache is not able to skip malformed ssl certificates. It has been solved in 3.0.5 by including the ssl configuration part into the config rollback, so a client can not crahs apache anymore as ispconfig will use the last working configuration or ssl certificate.